123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706 |
- <?php
- /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- * @copyright Copyright (c) 2016, Lukas Reschke <lukas@statuscode.ch>
- *
- * @author Andreas Fischer <bantu@owncloud.com>
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Jörn Friedrich Dreyer <jfd@butonic.de>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Roger Szabo <roger.szabo@web.de>
- * @author root <root@localhost.localdomain>
- * @author Thomas Müller <thomas.mueller@tmit.eu>
- * @author Victor Dubiniuk <dubiniuk@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OCA\User_LDAP\Tests;
- use OCA\User_LDAP\Access;
- use OCA\User_LDAP\Connection;
- use OCA\User_LDAP\Exceptions\ConstraintViolationException;
- use OCA\User_LDAP\FilesystemHelper;
- use OCA\User_LDAP\Helper;
- use OCA\User_LDAP\ILDAPWrapper;
- use OCA\User_LDAP\LDAP;
- use OCA\User_LDAP\LogWrapper;
- use OCA\User_LDAP\Mapping\UserMapping;
- use OCA\User_LDAP\User\Manager;
- use OCA\User_LDAP\User\OfflineUser;
- use OCA\User_LDAP\User\User;
- use OCP\IAvatarManager;
- use OCP\IConfig;
- use OCP\IDBConnection;
- use OCP\Image;
- use OCP\IUserManager;
- use OCP\Notification\IManager as INotificationManager;
- use Test\TestCase;
- /**
- * Class AccessTest
- *
- * @group DB
- *
- * @package OCA\User_LDAP\Tests
- */
- class AccessTest extends TestCase {
- /** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject */
- protected $userMapper;
- /** @var Connection|\PHPUnit_Framework_MockObject_MockObject */
- private $connection;
- /** @var LDAP|\PHPUnit_Framework_MockObject_MockObject */
- private $ldap;
- /** @var Manager|\PHPUnit_Framework_MockObject_MockObject */
- private $userManager;
- /** @var Helper|\PHPUnit_Framework_MockObject_MockObject */
- private $helper;
- /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
- private $config;
- /** @var IUserManager|\PHPUnit_Framework_MockObject_MockObject */
- private $ncUserManager;
- /** @var Access */
- private $access;
- public function setUp() {
- $this->connection = $this->createMock(Connection::class);
- $this->ldap = $this->createMock(LDAP::class);
- $this->userManager = $this->createMock(Manager::class);
- $this->helper = $this->createMock(Helper::class);
- $this->config = $this->createMock(IConfig::class);
- $this->userMapper = $this->createMock(UserMapping::class);
- $this->ncUserManager = $this->createMock(IUserManager::class);
- $this->access = new Access(
- $this->connection,
- $this->ldap,
- $this->userManager,
- $this->helper,
- $this->config,
- $this->ncUserManager
- );
- $this->access->setUserMapper($this->userMapper);
- }
- private function getConnectorAndLdapMock() {
- $lw = $this->createMock(ILDAPWrapper::class);
- $connector = $this->getMockBuilder(Connection::class)
- ->setConstructorArgs([$lw, null, null])
- ->getMock();
- $um = $this->getMockBuilder(Manager::class)
- ->setConstructorArgs([
- $this->createMock(IConfig::class),
- $this->createMock(FilesystemHelper::class),
- $this->createMock(LogWrapper::class),
- $this->createMock(IAvatarManager::class),
- $this->createMock(Image::class),
- $this->createMock(IDBConnection::class),
- $this->createMock(IUserManager::class),
- $this->createMock(INotificationManager::class)])
- ->getMock();
- $helper = new Helper(\OC::$server->getConfig());
- return array($lw, $connector, $um, $helper);
- }
- public function testEscapeFilterPartValidChars() {
- $input = 'okay';
- $this->assertTrue($input === $this->access->escapeFilterPart($input));
- }
- public function testEscapeFilterPartEscapeWildcard() {
- $input = '*';
- $expected = '\\\\*';
- $this->assertTrue($expected === $this->access->escapeFilterPart($input));
- }
- public function testEscapeFilterPartEscapeWildcard2() {
- $input = 'foo*bar';
- $expected = 'foo\\\\*bar';
- $this->assertTrue($expected === $this->access->escapeFilterPart($input));
- }
- /**
- * @dataProvider convertSID2StrSuccessData
- * @param array $sidArray
- * @param $sidExpected
- */
- public function testConvertSID2StrSuccess(array $sidArray, $sidExpected) {
- $sidBinary = implode('', $sidArray);
- $this->assertSame($sidExpected, $this->access->convertSID2Str($sidBinary));
- }
- public function convertSID2StrSuccessData() {
- return array(
- array(
- array(
- "\x01",
- "\x04",
- "\x00\x00\x00\x00\x00\x05",
- "\x15\x00\x00\x00",
- "\xa6\x81\xe5\x0e",
- "\x4d\x6c\x6c\x2b",
- "\xca\x32\x05\x5f",
- ),
- 'S-1-5-21-249921958-728525901-1594176202',
- ),
- array(
- array(
- "\x01",
- "\x02",
- "\xFF\xFF\xFF\xFF\xFF\xFF",
- "\xFF\xFF\xFF\xFF",
- "\xFF\xFF\xFF\xFF",
- ),
- 'S-1-281474976710655-4294967295-4294967295',
- ),
- );
- }
- public function testConvertSID2StrInputError() {
- $sidIllegal = 'foobar';
- $sidExpected = '';
- $this->assertSame($sidExpected, $this->access->convertSID2Str($sidIllegal));
- }
- public function testGetDomainDNFromDNSuccess() {
- $inputDN = 'uid=zaphod,cn=foobar,dc=my,dc=server,dc=com';
- $domainDN = 'dc=my,dc=server,dc=com';
- $this->ldap->expects($this->once())
- ->method('explodeDN')
- ->with($inputDN, 0)
- ->will($this->returnValue(explode(',', $inputDN)));
- $this->assertSame($domainDN, $this->access->getDomainDNFromDN($inputDN));
- }
- public function testGetDomainDNFromDNError() {
- $inputDN = 'foobar';
- $expected = '';
- $this->ldap->expects($this->once())
- ->method('explodeDN')
- ->with($inputDN, 0)
- ->will($this->returnValue(false));
- $this->assertSame($expected, $this->access->getDomainDNFromDN($inputDN));
- }
- public function dnInputDataProvider() {
- return [[
- [
- 'input' => 'foo=bar,bar=foo,dc=foobar',
- 'interResult' => array(
- 'count' => 3,
- 0 => 'foo=bar',
- 1 => 'bar=foo',
- 2 => 'dc=foobar'
- ),
- 'expectedResult' => true
- ],
- [
- 'input' => 'foobarbarfoodcfoobar',
- 'interResult' => false,
- 'expectedResult' => false
- ]
- ]];
- }
- /**
- * @dataProvider dnInputDataProvider
- * @param array $case
- */
- public function testStringResemblesDN($case) {
- list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
- /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
- $config = $this->createMock(IConfig::class);
- $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
- $lw->expects($this->exactly(1))
- ->method('explodeDN')
- ->will($this->returnCallback(function ($dn) use ($case) {
- if($dn === $case['input']) {
- return $case['interResult'];
- }
- return null;
- }));
- $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
- }
- /**
- * @dataProvider dnInputDataProvider
- * @param $case
- */
- public function testStringResemblesDNLDAPmod($case) {
- list(, $con, $um, $helper) = $this->getConnectorAndLdapMock();
- /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
- $config = $this->createMock(IConfig::class);
- $lw = new LDAP();
- $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
- if(!function_exists('ldap_explode_dn')) {
- $this->markTestSkipped('LDAP Module not available');
- }
- $this->assertSame($case['expectedResult'], $access->stringResemblesDN($case['input']));
- }
- public function testCacheUserHome() {
- $this->connection->expects($this->once())
- ->method('writeToCache');
- $this->access->cacheUserHome('foobar', '/foobars/path');
- }
- public function testBatchApplyUserAttributes() {
- $this->ldap->expects($this->any())
- ->method('isResource')
- ->willReturn(true);
- $this->ldap->expects($this->any())
- ->method('getAttributes')
- ->willReturn(['displayname' => ['bar', 'count' => 1]]);
- /** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
- $mapperMock = $this->createMock(UserMapping::class);
- $mapperMock->expects($this->any())
- ->method('getNameByDN')
- ->willReturn(false);
- $mapperMock->expects($this->any())
- ->method('map')
- ->willReturn(true);
- $userMock = $this->createMock(User::class);
- // also returns for userUuidAttribute
- $this->access->connection->expects($this->any())
- ->method('__get')
- ->will($this->returnValue('displayName'));
- $this->access->setUserMapper($mapperMock);
- $displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
- $data = [
- [
- 'dn' => ['foobar'],
- $displayNameAttribute => 'barfoo'
- ],
- [
- 'dn' => ['foo'],
- $displayNameAttribute => 'bar'
- ],
- [
- 'dn' => ['raboof'],
- $displayNameAttribute => 'oofrab'
- ]
- ];
- $userMock->expects($this->exactly(count($data)))
- ->method('processAttributes');
- $this->userManager->expects($this->exactly(count($data) * 2))
- ->method('get')
- ->will($this->returnValue($userMock));
- $this->access->batchApplyUserAttributes($data);
- }
- public function testBatchApplyUserAttributesSkipped() {
- /** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
- $mapperMock = $this->createMock(UserMapping::class);
- $mapperMock->expects($this->any())
- ->method('getNameByDN')
- ->will($this->returnValue('a_username'));
- $userMock = $this->createMock(User::class);
- $this->access->connection->expects($this->any())
- ->method('__get')
- ->will($this->returnValue('displayName'));
- $this->access->setUserMapper($mapperMock);
- $displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
- $data = [
- [
- 'dn' => ['foobar'],
- $displayNameAttribute => 'barfoo'
- ],
- [
- 'dn' => ['foo'],
- $displayNameAttribute => 'bar'
- ],
- [
- 'dn' => ['raboof'],
- $displayNameAttribute => 'oofrab'
- ]
- ];
- $userMock->expects($this->never())
- ->method('processAttributes');
- $this->userManager->expects($this->any())
- ->method('get')
- ->willReturn($this->createMock(User::class));
- $this->access->batchApplyUserAttributes($data);
- }
- public function testBatchApplyUserAttributesDontSkip() {
- /** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
- $mapperMock = $this->createMock(UserMapping::class);
- $mapperMock->expects($this->any())
- ->method('getNameByDN')
- ->will($this->returnValue('a_username'));
- $userMock = $this->createMock(User::class);
- $this->access->connection->expects($this->any())
- ->method('__get')
- ->will($this->returnValue('displayName'));
- $this->access->setUserMapper($mapperMock);
- $displayNameAttribute = strtolower($this->access->connection->ldapUserDisplayName);
- $data = [
- [
- 'dn' => ['foobar'],
- $displayNameAttribute => 'barfoo'
- ],
- [
- 'dn' => ['foo'],
- $displayNameAttribute => 'bar'
- ],
- [
- 'dn' => ['raboof'],
- $displayNameAttribute => 'oofrab'
- ]
- ];
- $userMock->expects($this->exactly(count($data)))
- ->method('processAttributes');
- $this->userManager->expects($this->exactly(count($data) * 2))
- ->method('get')
- ->will($this->returnValue($userMock));
- $this->access->batchApplyUserAttributes($data);
- }
- public function dNAttributeProvider() {
- // corresponds to Access::resemblesDN()
- return array(
- 'dn' => array('dn'),
- 'uniqueMember' => array('uniquemember'),
- 'member' => array('member'),
- 'memberOf' => array('memberof')
- );
- }
- /**
- * @dataProvider dNAttributeProvider
- * @param $attribute
- */
- public function testSanitizeDN($attribute) {
- list($lw, $con, $um, $helper) = $this->getConnectorAndLdapMock();
- /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject $config */
- $config = $this->createMock(IConfig::class);
- $dnFromServer = 'cn=Mixed Cases,ou=Are Sufficient To,ou=Test,dc=example,dc=org';
- $lw->expects($this->any())
- ->method('isResource')
- ->will($this->returnValue(true));
- $lw->expects($this->any())
- ->method('getAttributes')
- ->will($this->returnValue(array(
- $attribute => array('count' => 1, $dnFromServer)
- )));
- $access = new Access($con, $lw, $um, $helper, $config, $this->ncUserManager);
- $values = $access->readAttribute('uid=whoever,dc=example,dc=org', $attribute);
- $this->assertSame($values[0], strtolower($dnFromServer));
- }
- /**
- * @expectedException \Exception
- * @expectedExceptionMessage LDAP password changes are disabled
- */
- public function testSetPasswordWithDisabledChanges() {
- $this->connection
- ->method('__get')
- ->willReturn(false);
- /** @noinspection PhpUnhandledExceptionInspection */
- $this->access->setPassword('CN=foo', 'MyPassword');
- }
- public function testSetPasswordWithLdapNotAvailable() {
- $this->connection
- ->method('__get')
- ->willReturn(true);
- $connection = $this->createMock(LDAP::class);
- $this->connection
- ->expects($this->once())
- ->method('getConnectionResource')
- ->willReturn($connection);
- $this->ldap
- ->expects($this->once())
- ->method('isResource')
- ->with($connection)
- ->willReturn(false);
- /** @noinspection PhpUnhandledExceptionInspection */
- $this->assertFalse($this->access->setPassword('CN=foo', 'MyPassword'));
- }
- /**
- * @expectedException \OC\HintException
- * @expectedExceptionMessage Password change rejected.
- */
- public function testSetPasswordWithRejectedChange() {
- $this->connection
- ->method('__get')
- ->willReturn(true);
- $connection = $this->createMock(LDAP::class);
- $this->connection
- ->expects($this->once())
- ->method('getConnectionResource')
- ->willReturn($connection);
- $this->ldap
- ->expects($this->once())
- ->method('isResource')
- ->with($connection)
- ->willReturn(true);
- $this->ldap
- ->expects($this->once())
- ->method('modReplace')
- ->with($connection, 'CN=foo', 'MyPassword')
- ->willThrowException(new ConstraintViolationException());
- /** @noinspection PhpUnhandledExceptionInspection */
- $this->access->setPassword('CN=foo', 'MyPassword');
- }
- public function testSetPassword() {
- $this->connection
- ->method('__get')
- ->willReturn(true);
- $connection = $this->createMock(LDAP::class);
- $this->connection
- ->expects($this->once())
- ->method('getConnectionResource')
- ->willReturn($connection);
- $this->ldap
- ->expects($this->once())
- ->method('isResource')
- ->with($connection)
- ->willReturn(true);
- $this->ldap
- ->expects($this->once())
- ->method('modReplace')
- ->with($connection, 'CN=foo', 'MyPassword')
- ->willReturn(true);
- /** @noinspection PhpUnhandledExceptionInspection */
- $this->assertTrue($this->access->setPassword('CN=foo', 'MyPassword'));
- }
- protected function prepareMocksForSearchTests(
- $base,
- $fakeConnection,
- $fakeSearchResultResource,
- $fakeLdapEntries
- ) {
- $this->connection
- ->expects($this->any())
- ->method('getConnectionResource')
- ->willReturn($fakeConnection);
- $this->connection->expects($this->any())
- ->method('__get')
- ->willReturnCallback(function($key) use ($base) {
- if(stripos($key, 'base') !== false) {
- return $base;
- }
- return null;
- });
- $this->ldap
- ->expects($this->any())
- ->method('isResource')
- ->willReturnCallback(function ($resource) use ($fakeConnection) {
- return $resource === $fakeConnection;
- });
- $this->ldap
- ->expects($this->any())
- ->method('errno')
- ->willReturn(0);
- $this->ldap
- ->expects($this->once())
- ->method('search')
- ->willReturn([$fakeSearchResultResource]);
- $this->ldap
- ->expects($this->exactly(count($base)))
- ->method('getEntries')
- ->willReturn($fakeLdapEntries);
- $this->helper->expects($this->any())
- ->method('sanitizeDN')
- ->willReturnArgument(0);
- }
- public function testSearchNoPagedSearch() {
- // scenario: no pages search, 1 search base
- $filter = 'objectClass=nextcloudUser';
- $base = ['ou=zombies,dc=foobar,dc=nextcloud,dc=com'];
- $fakeConnection = new \stdClass();
- $fakeSearchResultResource = new \stdClass();
- $fakeLdapEntries = [
- 'count' => 2,
- [
- 'dn' => 'uid=sgarth,' . $base[0],
- ],
- [
- 'dn' => 'uid=wwilson,' . $base[0],
- ]
- ];
- $expected = $fakeLdapEntries;
- unset($expected['count']);
- $this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);
- /** @noinspection PhpUnhandledExceptionInspection */
- $result = $this->access->search($filter, $base);
- $this->assertSame($expected, $result);
- }
- public function testFetchListOfUsers() {
- $filter = 'objectClass=nextcloudUser';
- $base = ['ou=zombies,dc=foobar,dc=nextcloud,dc=com'];
- $attrs = ['dn', 'uid'];
- $fakeConnection = new \stdClass();
- $fakeSearchResultResource = new \stdClass();
- $fakeLdapEntries = [
- 'count' => 2,
- [
- 'dn' => 'uid=sgarth,' . $base[0],
- 'uid' => [ 'sgarth' ],
- ],
- [
- 'dn' => 'uid=wwilson,' . $base[0],
- 'uid' => [ 'wwilson' ],
- ]
- ];
- $expected = $fakeLdapEntries;
- unset($expected['count']);
- array_walk($expected, function(&$v) {
- $v['dn'] = [$v['dn']]; // dn is translated into an array internally for consistency
- });
- $this->prepareMocksForSearchTests($base, $fakeConnection, $fakeSearchResultResource, $fakeLdapEntries);
- $this->connection->expects($this->exactly($fakeLdapEntries['count']))
- ->method('writeToCache')
- ->with($this->stringStartsWith('userExists'), true);
- $this->userMapper->expects($this->exactly($fakeLdapEntries['count']))
- ->method('getNameByDN')
- ->willReturnCallback(function($fdn) {
- $parts = ldap_explode_dn($fdn, false);
- return $parts[0];
- });
- /** @noinspection PhpUnhandledExceptionInspection */
- $list = $this->access->fetchListOfUsers($filter, $attrs);
- $this->assertSame($expected, $list);
- }
- public function intUsernameProvider() {
- // system dependent :-/
- $translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';
- return [
- ['alice', 'alice'],
- ['b/ob', 'bob'],
- ['charly🐬', 'charly'],
- ['debo rah', 'debo_rah'],
- ['epost@poste.test', 'epost@poste.test'],
- ['fränk', $translitExpected],
- [' gerda ', 'gerda'],
- ['🕱🐵🐘🐑', null]
- ];
- }
- /**
- * @dataProvider intUsernameProvider
- *
- * @param $name
- * @param $expected
- */
- public function testSanitizeUsername($name, $expected) {
- if($expected === null) {
- $this->expectException(\InvalidArgumentException::class);
- }
- $sanitizedName = $this->access->sanitizeUsername($name);
- $this->assertSame($expected, $sanitizedName);
- }
- public function testUserStateUpdate() {
- $this->connection->expects($this->any())
- ->method('__get')
- ->willReturnMap([
- [ 'ldapUserDisplayName', 'displayName' ],
- [ 'ldapUserDisplayName2', null],
- ]);
- $offlineUserMock = $this->createMock(OfflineUser::class);
- $offlineUserMock->expects($this->once())
- ->method('unmark');
- $regularUserMock = $this->createMock(User::class);
- $this->userManager->expects($this->atLeastOnce())
- ->method('get')
- ->with('detta')
- ->willReturnOnConsecutiveCalls($offlineUserMock, $regularUserMock);
- /** @var UserMapping|\PHPUnit_Framework_MockObject_MockObject $mapperMock */
- $mapperMock = $this->createMock(UserMapping::class);
- $mapperMock->expects($this->any())
- ->method('getNameByDN')
- ->with('uid=detta,ou=users,dc=hex,dc=ample')
- ->willReturn('detta');
- $this->access->setUserMapper($mapperMock);
- $records = [
- [
- 'dn' => ['uid=detta,ou=users,dc=hex,dc=ample'],
- 'displayName' => ['Detta Detkova'],
- ]
- ];
- $this->access->nextcloudUserNames($records);
- }
- }
|